Privacy Policy

This Privacy Policy applies to:

• The marketing site at thiic.com and pages under that domain
• The interactive demo at thiic.com/demo
• The downloadable documents available at thiic.com/downloads

This Privacy Policy does NOT apply to:

• The authenticated THIIC portal at portal.thiic.com (separate privacy policy governs the portal — see portal.thiic.com/privacy)
• The partner documentation site at docs.thiic.com (separate privacy policy)
• Summit Audience Segments' commercial site at summitaudiencesegments.com (separate privacy policy)

We collect very limited information when you visit this Site.

Aggregate analytics. We use a privacy-respecting analytics service (Plausible or Fathom) that collects only aggregate, anonymous information: the page you visited, the country you visited from, the type of device you used, and how long you spent on the page. This information cannot be used to identify you personally. We do not use cookies for analytics, do not track you across other websites, and do not build behavioral profiles.

Document downloads. When you download a PDF from thiic.com/downloads, our analytics service records that a download occurred. No personal information is collected for downloads — they are direct downloads from your browser, not gated by any form. We know how many downloads occurred; we do not know who downloaded.

The demo at thiic.com/demo. The demo runs entirely in your browser using the Web Crypto API. All cryptographic operations performed in the demo use synthetic data generated locally on your device. No data from the demo is transmitted to Summit's servers or any other party. The demo does not collect any information about you.

To be clear about what we do not do:

• We do not collect names, email addresses, phone numbers, or other contact information through this Site.
• We do not use tracking cookies.
• We do not use marketing pixels or remarketing tags.
• We do not use third-party advertising networks.
• We do not share data with social media platforms.
• We do not sell information to data brokers.
• We do not transmit anything from the demo to our servers.
• We do not gate any downloads behind email capture forms.

We use the limited aggregate analytics described above to:

• Understand which pages are most useful to visitors
• Identify technical issues with the Site
• Inform future improvements to the documentation and demo

We do not use the information for advertising, profiling, marketing outreach, or any commercial purpose beyond improving the Site.

We do not share Site visitor information with third parties, except:

• With the analytics service that provides our aggregate analytics — only the limited, anonymous data described above
• If required by law, valid legal process, or to protect our legal rights or the safety of others
• In connection with a corporate transaction such as a merger, acquisition, or sale of assets, in which case any successor entity would assume the obligations of this Privacy Policy

Aggregate analytics data is retained by our analytics service for the period specified in that service's own policies (typically up to 24 months). Because the analytics data is anonymous and aggregate, it cannot be associated with a specific person.

We do not retain any other information about Site visitors because we do not collect any other information.

Depending on where you live, you may have rights under data protection law, including:

• California residents (under CCPA / CPRA): the right to know what information is collected about you, the right to delete information, the right to correct information, the right to opt out of "sale" or "sharing" of information, and the right to non-discrimination for exercising these rights. We do not sell or share personal information about Site visitors. The aggregate, anonymous analytics described above are the only Site-level information collected.
• European Economic Area, United Kingdom, and Switzerland residents (under GDPR / UK GDPR): the rights of access, rectification, erasure, restriction of processing, data portability, and objection, as applicable.
• Other states: residents of states with comprehensive consumer privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, and others) may have similar rights under those laws.

Because we collect such limited information through this Site, most of these rights are not directly applicable to our Site visitors. To inquire about your rights or to make a request, contact us at the address in Section 11 below.

This Site is not directed at children under 13. We do not knowingly collect information from children under 13. The Site is intended for technical, security, and commercial audiences evaluating cryptographic protocols.

The Site is served over HTTPS. The downloadable PDFs are served from secure infrastructure. The demo runs entirely in your browser. We follow reasonable practices to protect against unauthorized access to the Site's infrastructure.

No internet-facing service can guarantee absolute security.

We may update this Privacy Policy from time to time. Changes will be posted at thiic.com/privacy with an updated "Last updated" date. Material changes will be highlighted at the top of the policy.

Continued use of the Site after a change indicates acceptance of the updated policy.

Questions about this Privacy Policy or our information practices: